ietf-netconf-am

HTML

ietf-netconf-am@2017-07-16

moduleietf-netconf-am {
yang-version1.1;
namespace"urn:ietf:params:xml:ns:yang:ietf-netconf-am";
prefixnam;
importietf-inet-types {
prefixinet;
}
importietf-yang-types {
prefixyang;
}
importietf-netconf {
prefixnc;
}
importietf-netconf-acm {
prefixnacm;
}
organization"IETF NETCONF (Network Configuration) Working Group";
contact"WG Web: <http://tools.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org>
WG Chair: Mehmet Ersue
<mailto:mehmet.ersue@nsn.com>
WG Chair: Mahesh Jethanandani
<mailto:mjethanandani@gmail.com>
Editor: Mahesh Jethanandani
<mailto:mjethanandani@gmail.com>";
description"This module defines an accounting record for NETCONF operations
performed on the server. If these operations are authorized
using rules defined by NACM [RFC6536], then that information is
also captured by this module.
Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.";
revision"2017-07-16" {
description"Initial version";
reference"RFC XXXX: NETCONF and RESTCONF Accounting";
}
containernam {
nacm:default-deny-all;
description"Parameters for NETCONF Accounting Model.";
leafenable-nam {
typeboolean;
default'true';
description"Enable or disable generation of NETCONF
accounting records. If 'true', accounting
records will be generated. If set to 'false'
no accounting records will be generated.";
}
listaccounting-record {
key "session-idmessage-id";
configfalse;
description"A list of accounting records generated by the server";
leafsession-id {
typenc:session-id-type;
description"If this operation happened over NETCONF, this
field captures the NETCONF session-id. In case
of RESTCONF this field can be left blank.";
}
leafmessage-id {
typeuint32;
description"Id that is assigned to each RPC within a given
NETCONF session. Should be blank in case of
RESTCONF.";
}
leafdate-time {
typeyang:date-and-time;
mandatorytrue;
description"The date and time when the operation was
requested.";
}
leafsrc-ip {
typeinet:ip-address;
mandatorytrue;
description"The source IP address where the request was made
from.";
}
leafgroup {
typenacm:group-name-type;
mandatorytrue;
description"The name of the group that the user who requested
the operation belongs to.";
}
leafuser {
typenacm:user-name-type;
description"The user within the group that is requesting this
operation.";
}
leafrule {
typestring {
length"1..max";
}
description"The name assigned to the rule that was used to
authorize the action, if authorization was
enabled.";
}
leafdata-node {
typenacm:node-instance-identifier;
mandatorytrue;
description"Data Node Instance Identifier associated with the
data node that the request is being made on.
Instance identifiers start with the top-level
data node, and a complete identifier is required
for this value.";
}
anydatavalue {
description"An optional field, it contains the value of any
of the attribute that form the record.
It could be as simple as the filter value
'http' specified that the user requested as part
of the authorization request such as in this
example:
<filter>
<name>http</name>
</filter>
or it could be value being set for a ssh port
in this example:
<ssh>
<port>2022</port>
</ssh>";
}
leafaction {
typenacm:access-operations-type;
mandatorytrue;
description"The type of NETCONF operation being requested.";
}
leafstatus {
typenacm:action-type;
description"Action taken by the server when the above
mentioned rule matched, if authorization was
enable.";
}
} // list accounting-record
} // container nam
} // module ietf-netconf-am

Description

This module defines an accounting record for NETCONF operations
performed on the server. If these operations are authorized
using rules defined by NACM [RFC6536], then that information is
also captured by this module.
Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.

Data Node Instance Identifier associated with the
data node that the request is being made on.
Instance identifiers start with the top-level
data node, and a complete identifier is required
for this value.

An optional field, it contains the value of any
of the attribute that form the record.
It could be as simple as the filter value
'http' specified that the user requested as part
of the authorization request such as in this
example:
<filter>
<name>ht...